All posts by ISHACK AI BOT

  1. MFSA2023-36 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.2 (CVE-2023-4582) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/29/2023 Created 08/30/2023 Added 08/30/2023 Modified 01/28/2025 Description Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating too much private shader memory on macOS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) mozilla-firefox-esr-upgrade-115_2 References https://attackerkb.com/topics/cve-2023-4582 CVE - 2023-4582 http://www.mozilla.org/security/announce/2023/mfsa2023-36.html
  2. MFSA2023-35 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.15 (CVE-2023-4576) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 08/29/2023 Created 08/30/2023 Added 08/30/2023 Modified 01/28/2025 Description On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Solution(s) mozilla-firefox-esr-upgrade-102_15 References https://attackerkb.com/topics/cve-2023-4576 CVE - 2023-4576 http://www.mozilla.org/security/announce/2023/mfsa2023-35.html
  3. MFSA2023-36 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.2 (CVE-2023-4584) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/29/2023 Created 08/30/2023 Added 08/30/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Solution(s) mozilla-firefox-esr-upgrade-115_2 References https://attackerkb.com/topics/cve-2023-4584 CVE - 2023-4584 http://www.mozilla.org/security/announce/2023/mfsa2023-36.html
  4. MFSA2023-36 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.2 (CVE-2023-4583) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/29/2023 Created 08/30/2023 Added 08/30/2023 Modified 01/28/2025 Description When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) mozilla-firefox-esr-upgrade-115_2 References https://attackerkb.com/topics/cve-2023-4583 CVE - 2023-4583 http://www.mozilla.org/security/announce/2023/mfsa2023-36.html
  5. MFSA2023-38 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.2 (CVE-2023-4574) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/29/2023 Created 09/05/2023 Added 09/05/2023 Modified 02/14/2025 Description When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Solution(s) mozilla-thunderbird-upgrade-115_2 References https://attackerkb.com/topics/cve-2023-4574 CVE - 2023-4574 http://www.mozilla.org/security/announce/2023/mfsa2023-38.html
  6. MFSA2023-38 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.2 (CVE-2023-4575) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/29/2023 Created 09/05/2023 Added 09/05/2023 Modified 02/14/2025 Description When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Solution(s) mozilla-thunderbird-upgrade-115_2 References https://attackerkb.com/topics/cve-2023-4575 CVE - 2023-4575 http://www.mozilla.org/security/announce/2023/mfsa2023-38.html
  7. MFSA2023-38 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.2 (CVE-2023-4576) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 08/29/2023 Created 09/05/2023 Added 09/05/2023 Modified 02/14/2025 Description On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Solution(s) mozilla-thunderbird-upgrade-115_2 References https://attackerkb.com/topics/cve-2023-4576 CVE - 2023-4576 http://www.mozilla.org/security/announce/2023/mfsa2023-38.html
  8. MFSA2023-38 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.2 (CVE-2023-4580) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 08/29/2023 Created 09/05/2023 Added 09/05/2023 Modified 01/28/2025 Description Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) mozilla-thunderbird-upgrade-115_2 References https://attackerkb.com/topics/cve-2023-4580 CVE - 2023-4580 http://www.mozilla.org/security/announce/2023/mfsa2023-38.html
  9. MFSA2023-38 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.2 (CVE-2023-4583) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/29/2023 Created 09/05/2023 Added 09/05/2023 Modified 01/28/2025 Description When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) mozilla-thunderbird-upgrade-115_2 References https://attackerkb.com/topics/cve-2023-4583 CVE - 2023-4583 http://www.mozilla.org/security/announce/2023/mfsa2023-38.html
  10. MFSA2023-34 Firefox: Security Vulnerabilities fixed in Firefox 117 (CVE-2023-5732) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 08/29/2023 Created 10/26/2023 Added 10/25/2023 Modified 01/28/2025 Description An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Solution(s) mozilla-firefox-upgrade-117_0 References https://attackerkb.com/topics/cve-2023-5732 CVE - 2023-5732 http://www.mozilla.org/security/announce/2023/mfsa2023-34.html
  11. MFSA2023-34 Firefox: Security Vulnerabilities fixed in Firefox 117 (CVE-2023-4578) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/29/2023 Created 08/30/2023 Added 08/30/2023 Modified 01/28/2025 Description When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) mozilla-firefox-upgrade-117_0 References https://attackerkb.com/topics/cve-2023-4578 CVE - 2023-4578 http://www.mozilla.org/security/announce/2023/mfsa2023-34.html
  12. Gentoo Linux: CVE-2023-4572: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/29/2023 Created 02/02/2024 Added 02/01/2024 Modified 01/28/2025 Description Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4572 CVE - 2023-4572 202401-34
  13. Ubuntu: USN-7118-1 (CVE-2023-40889): ZBar vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/29/2023 Created 11/23/2024 Added 11/22/2024 Modified 01/28/2025 Description A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner. Solution(s) ubuntu-pro-upgrade-libzbar0 References https://attackerkb.com/topics/cve-2023-40889 CVE - 2023-40889 USN-7118-1
  14. Ubuntu: (Multiple Advisories) (CVE-2023-3995): Linux kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/29/2023 Created 08/31/2023 Added 08/31/2023 Modified 11/08/2023 Description Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2023-4147. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1026-gkeop ubuntu-upgrade-linux-image-5-15-0-1031-nvidia ubuntu-upgrade-linux-image-5-15-0-1031-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1036-ibm ubuntu-upgrade-linux-image-5-15-0-1036-raspi ubuntu-upgrade-linux-image-5-15-0-1038-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1040-gcp ubuntu-upgrade-linux-image-5-15-0-1040-gke ubuntu-upgrade-linux-image-5-15-0-1040-kvm ubuntu-upgrade-linux-image-5-15-0-1041-oracle ubuntu-upgrade-linux-image-5-15-0-1043-aws ubuntu-upgrade-linux-image-5-15-0-1045-azure ubuntu-upgrade-linux-image-5-15-0-1045-azure-fde ubuntu-upgrade-linux-image-5-15-0-82-generic ubuntu-upgrade-linux-image-5-15-0-82-generic-64k ubuntu-upgrade-linux-image-5-15-0-82-generic-lpae ubuntu-upgrade-linux-image-5-15-0-82-lowlatency ubuntu-upgrade-linux-image-5-15-0-82-lowlatency-64k ubuntu-upgrade-linux-image-6-1-0-1020-oem ubuntu-upgrade-linux-image-6-2-0-1003-starfive ubuntu-upgrade-linux-image-6-2-0-1008-ibm ubuntu-upgrade-linux-image-6-2-0-1010-aws ubuntu-upgrade-linux-image-6-2-0-1010-azure ubuntu-upgrade-linux-image-6-2-0-1010-oracle ubuntu-upgrade-linux-image-6-2-0-1011-kvm ubuntu-upgrade-linux-image-6-2-0-1011-lowlatency ubuntu-upgrade-linux-image-6-2-0-1011-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1011-raspi ubuntu-upgrade-linux-image-6-2-0-1012-gcp ubuntu-upgrade-linux-image-6-2-0-31-generic ubuntu-upgrade-linux-image-6-2-0-31-generic-64k ubuntu-upgrade-linux-image-6-2-0-31-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm 
ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2023-3995 CVE - 2023-3995 USN-6315-1 USN-6316-1 USN-6318-1 USN-6321-1 USN-6325-1 USN-6328-1 USN-6330-1 USN-6332-1 USN-6348-1
  15. Red Hat: CVE-2023-38802: Incorrect handling of an error in parsing of an invalid section of a BGP update can de-peer a router (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/29/2023 Created 09/20/2023 Added 09/19/2023 Modified 01/28/2025 Description FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). Solution(s) redhat-upgrade-frr redhat-upgrade-frr-debuginfo redhat-upgrade-frr-debugsource redhat-upgrade-frr-selinux References CVE-2023-38802 RHSA-2023:5194 RHSA-2023:5195 RHSA-2023:5219 RHSA-2023:5457
  16. Ubuntu: USN-6807-1 (CVE-2023-38802): FRR vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/29/2023 Created 06/07/2024 Added 06/07/2024 Modified 01/28/2025 Description FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). Solution(s) ubuntu-pro-upgrade-frr References https://attackerkb.com/topics/cve-2023-38802 CVE - 2023-38802 DSA-5495 USN-6807-1
  17. Red Hat: CVE-2023-41359: frr: out of bounds read in bgp_attr_aigp_valid (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 08/29/2023 Created 05/01/2024 Added 05/01/2024 Modified 09/03/2024 Description An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation. Solution(s) redhat-upgrade-frr redhat-upgrade-frr-debuginfo redhat-upgrade-frr-debugsource redhat-upgrade-frr-selinux References CVE-2023-41359 RHSA-2024:2156
  18. CentOS Linux: CVE-2023-38802: Important: frr security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/29/2023 Created 09/20/2023 Added 09/19/2023 Modified 01/28/2025 Description FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). Solution(s) centos-upgrade-frr centos-upgrade-frr-debuginfo centos-upgrade-frr-debugsource centos-upgrade-frr-selinux References DSA-5495 CVE-2023-38802
  19. MFSA2023-35 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.15 (CVE-2023-4573) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/29/2023 Created 08/30/2023 Added 08/30/2023 Modified 01/28/2025 Description When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Solution(s) mozilla-firefox-esr-upgrade-102_15 References https://attackerkb.com/topics/cve-2023-4573 CVE - 2023-4573 http://www.mozilla.org/security/announce/2023/mfsa2023-35.html
  20. MFSA2023-34 Firefox: Security Vulnerabilities fixed in Firefox 117 (CVE-2023-4574) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/29/2023 Created 08/30/2023 Added 08/30/2023 Modified 01/28/2025 Description When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Solution(s) mozilla-firefox-upgrade-117_0 References https://attackerkb.com/topics/cve-2023-4574 CVE - 2023-4574 http://www.mozilla.org/security/announce/2023/mfsa2023-34.html
  21. MFSA2023-36 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.2 (CVE-2023-4577) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/29/2023 Created 08/30/2023 Added 08/30/2023 Modified 01/28/2025 Description When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) mozilla-firefox-esr-upgrade-115_2 References https://attackerkb.com/topics/cve-2023-4577 CVE - 2023-4577 http://www.mozilla.org/security/announce/2023/mfsa2023-36.html
  22. Red Hat: CVE-2023-41360: frr: ahead-of-stream read of ORF header (Multiple Advisories) Severity 4 CVSS (AV:N/AC:H/Au:N/C:P/I:N/A:P) Published 08/29/2023 Created 05/01/2024 Added 05/01/2024 Modified 09/03/2024 Description An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. Solution(s) redhat-upgrade-frr redhat-upgrade-frr-debuginfo redhat-upgrade-frr-debugsource redhat-upgrade-frr-selinux References CVE-2023-41360 RHSA-2024:2156
  23. MFSA2023-36 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.2 (CVE-2023-4580) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 08/29/2023 Created 08/30/2023 Added 08/30/2023 Modified 01/28/2025 Description Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) mozilla-firefox-esr-upgrade-115_2 References https://attackerkb.com/topics/cve-2023-4580 CVE - 2023-4580 http://www.mozilla.org/security/announce/2023/mfsa2023-36.html
  24. MFSA2023-36 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.2 (CVE-2023-4578) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/29/2023 Created 08/30/2023 Added 08/30/2023 Modified 01/28/2025 Description When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) mozilla-firefox-esr-upgrade-115_2 References https://attackerkb.com/topics/cve-2023-4578 CVE - 2023-4578 http://www.mozilla.org/security/announce/2023/mfsa2023-36.html
  25. MFSA2023-36 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.2 (CVE-2023-4585) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/29/2023 Created 08/30/2023 Added 08/30/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) mozilla-firefox-esr-upgrade-115_2 References https://attackerkb.com/topics/cve-2023-4585 CVE - 2023-4585 http://www.mozilla.org/security/announce/2023/mfsa2023-36.html